Security & privacy
We protect children's data the way we'd protect our own.
BlueCare is engineered to a HIPAA-aware standard with privacy posture aligned to Saudi PDPL and GDPR-style rights. Below is what that actually means in practice.
Technical controls
Encrypted at rest
All persisted data — children's profiles, session events, vocabulary, audio clips, audit logs — is encrypted at rest in our managed Postgres.
Encrypted in transit
TLS 1.3 everywhere. HSTS preloaded. Strict referrer policy and a content-security-aware permissions policy on every response.
Row-level security on every table
A caregiver can only see their own children. A therapist can only see clients they've been explicitly invited to. Admins can never read child input content. The database itself enforces it, not just the application.
Least-privilege roles
Service-role access is gated to specific server-only paths. Application code uses the user's JWT so RLS triggers on every query.
Audit log on every privileged action
Sign-in, profile updates, child creation, symbol moderation, data exports, and consent changes all write a row to an append-only audit log. Admins read; nobody updates or deletes.
Per-child AI cost cap
Every paid AI call (speech transcription, suggestions, voice synthesis) passes through a single guard that enforces a monthly per-child budget — preventing runaway cost or runaway use.
No third-party tracking on child surfaces
The child board never includes third-party analytics. Caregiver dashboards include only product analytics that exclude any child input content.
On-device gesture recognition
Hand tracking runs in the browser via MediaPipe. Camera frames never leave the device unless a caregiver opts in for a specific session.
Your rights
Export
One click downloads everything we have on your account — profiles, sessions, vocabulary, audit log entries — as a portable archive.
Delete
One click deletes your account. We tombstone immediately and purge within 30 days end-to-end, including backups within their retention window.
Revoke consent
Each consent scope (data processing, voice recording, webcam, AI personalization) can be revoked independently at any time.
Inspect
The audit log is visible to admins. We will share the entries that pertain to your account on request.
Vulnerability disclosure
If you find a security issue, please email security@bluecare.app. We commit to acknowledging within 48 hours and fixing within reasonable timelines based on severity. We don't run a paid bounty yet — but we publicly thank reporters with permission.